High-Level Overview

Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.

Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.

What you'll do:

Governance & Policy

• Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
• Support policy exception management, attestation processes, and identify opportunities for process improvement.

Risk Management

• Assist with enterprise risk assessments, including vendor and process-level reviews.
• Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.

Compliance & Audit

• Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
• Assist with evidence gathering, control validation, and auditor engagement.
• Leverage GRC platforms to support audit, privacy, and compliance workflows.

Client Support & Sales Enablement

• Support the sales process by responding to client inquiries related to security, privacy, and compliance.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Partner with sales and client success teams to provide timely, accurate responses that build client trust.

Privacy and Regulatory

• Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
• Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
• Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory & Awareness

• Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
• Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
• Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
• Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.

What you'll bring:

• 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
• Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
• Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
• Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
• Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
• Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
• Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
• An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
• Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.

High-Level Overview

Benevity is seeking a Senior Governance, Risk & Compliance (GRC) Analyst to elevate our security governance, risk, privacy, and regulatory posture. In this senior role, you will drive the execution, innovation, and continuous improvement of Benevity’s GRC program. You will lead compliance activities, conduct risk assessments, contribute to third-party risk management, respond to client due diligence requests, support FINTRAC/AML obligations, and influence policies and controls that strengthen trust with our clients, partners, and stakeholders.

As a trusted advisor across teams, you will help ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements while fostering a culture of security, compliance, and accountability. You’ll also mentor junior members of the team, helping to grow Benevity’s next generation of security and compliance professionals, with a focus on developing proactive and innovative approaches to GRC challenges.

What you'll do:

Governance & Policy

• Contribute to the development, maintenance, and rollout of security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
• Support policy approval, exception management, and attestation processes, actively seeking opportunities for process improvement and automation
  
  

Risk Management

• Lead and execute enterprise-wide risk assessments, including vendor and process-level reviews.
• Maintain and improve the risk register, track remediation activities, and support risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
  
  

Compliance & Audit

• Lead audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
• Coordinate evidence gathering, control validation, and auditor engagement.
• Leverage GRC platforms to streamline audit, privacy, and compliance workflows.

Client Support & Sales Enablement

• Support the sales process by responding to client inquiries related to security, privacy, and compliance.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Partner with sales and client success teams to provide timely, accurate responses that build client trust.
  
  

Privacy and Regulatory

• Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Collaborate with legal and data governance teams to ensure compliance with data protection and financial crime regulations.
• Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
• Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory, Awareness & Mentorship

• Partner with business and technical teams to embed risk and compliance into projects and initiatives.
• Deliver reporting and insights (dashboards, risk metrics, executive summaries) for leadership.
• Lead Benevity’s Security Awareness & Training program, including the design, delivery, and continuous improvement of awareness campaigns, training modules, and phishing simulations.
• Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
• Mentor and coach junior team members, providing guidance, feedback, and knowledge sharing to support their growth and development.

What you'll bring:

• 5+ years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or high-growth environment.
• Strong knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and CCPA/CPRA.
• Hands-on experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to manage policies, risks, audits, privacy, and vendor risk workflows.
• Proven success in conducting risk assessments, managing vendor risk/TPRM, maintaining risk registers, and driving remediation.
• Experience supporting client due diligence processes (security questionnaires, RFPs, TPRM).
• Ability to clearly communicate risk, security, privacy, and regulatory concepts to both technical and non-technical stakeholders.
• Strong organizational and project management skills with experience leading cross-functional initiatives.
• A demonstrated interest and track record in leveraging automation and AI to streamline GRC processes and enhance efficiency.
• Certifications such as CISM, CRISC, CISSP, CISA, or CIPM/CIPP are highly valued.

Position Overview:

The Security Operations team is an agile, exciting, hands-on security operations team focused on protecting Diligent personnel, sites, and assets worldwide. We like to get our hands dirty working closely together and cross-functionally with the greater Security Department. Our goal is to maintain the confidentiality and integrity of customer, employee, and business information in compliance with organization, industry, and regional policies and standards.

Security Operations Analyst II is a part of high impact security operations team focused on protecting Diligent personnel, sites and assets worldwide. As part of the Security team, you will help to with the strategy, development, and deployment of a comprehensive physical and logical security operation programs. The position is responsible for oversight and operations on security event monitoring, incident response, user behavior analysis, threat hunting, in addition to maintaining the confidentiality and integrity of customer, employee, and business information in compliance with organization, industry, and regional policies and standards.

Key Responsibilities

• Actively monitor and respond to security alerts from tools such as SIEM, EDR, CNAP, etc.
• Analyze security alerts and document tuning opportunities to reduce false positives.
• Support change management responsibilities to reduce security risk/impact to corporate systems and networks.
• Contribute to security tooling policies and supporting process enhancement as needed to mature defense controls and facilitate exceptions for BAU operations.
• Initiate and coordinate incident response activities. Maintain documentation and reports for compliance purposes. 
• Configure and run network and endpoint vulnerability scans. Closely collaborate with technical teams to mitigate risks through patching and configuration changes.
• Assess and evaluate the suitability of existing and new security tools to bolster the organization’s security posture

Required Experience/Skills 

• 3-5 years of information technology experience or the equivalent combination of education, technical training, or work experience.
• Working experience in information security, especially on a Computer/Security Incident Response Team (C/SIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
• Working experience with regulatory compliance and information security management frameworks.
• Strong decision-making capabilities.
• Technical knowledge of anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.

Preferred Experience/Skills

• Must have strong interpersonal skills with the ability to interact with customer’s technical, non-technical easily and effectively, support, and business staff at all levels.